Indirect authentication

ABSTRACT

Techniques are provided for granting authorization to restricted content on a display device from an authorizing device. In one embodiment, the display device may operate in a display mode where only unrestricted content is accessible. To access restricted content, the display device may transmit an authorization request signal to the authorizing device. The authorizing device, having received the authorization request, prompts an authorized user to enter an authentication input, such as a password or gesture, on the authorizing device. Upon verification of the authentication input, the authorizing device is authenticated. An authorization signal is transmitted to the display device, and the display device may operate in an authorized mode, having access to otherwise restricted content or functions.

BACKGROUND

The present disclosure relates generally to electronic devices, and morespecifically to controlling access to content on an electronic displaydevice.

This section is intended to introduce the reader to various aspects ofart that may be related to various aspects of the present disclosure,which are described and/or claimed below. This discussion is believed tobe helpful in providing the reader with background information tofacilitate a better understanding of the various aspects of the presentdisclosure. Accordingly, it should be understood that these statementsare to be read in this light, and not as admissions of prior art.

Electronic display devices such as cellular telephones, computers,tablets, and so forth, are increasingly used for a variety of displayapplications. For example, electronic display devices are commonlyutilized to display information in public settings, such as in retail orexhibition venues. Integrating such electronic display devices in suchretail or exhibition venues may be valuable for a number of reasons. Forinstance, electronic display devices may be interactive with potentialcustomers, such that potential customers may use a display device toview different information on the display screen, resize the informationdisplayed on the screen, request employee assistance by using graphicaluser interfaces on the screen, etc. Moreover, if the electronic displaydevice itself is a product of the business or retail establishment,using the device as an informative display may allow potential customersto sample the functionality of the device. Using electronic displaydevices as an informative display may therefore be an integral retail ormarketing strategy for many businesses. Due to the accessibility of suchinformative displays, the displays may typically be configured to havecontent and function restrictions for security, proprietary, and/orconfidentiality reasons. For example, while informative displays maydisplay limited content (e.g., pricing information, productspecifications, product reviews, etc.) to potential customers, suchdevices may also include other information (e.g., inventory and salesdata, customer information, warrantee information, etc.) which may beaccessible only to employees and/or managers. In certain situations, anemployee may wish to access the restricted information in the presenceof a customer. However, in such situations, utilizing a conventionalpassword login interface method may not be sufficiently secure, as thepassword may be seen and made repeatable by unauthorized bystanders.Additionally, deliberately shielding a screen from view of bystandersmay be an undesirable retail strategy. Therefore, a means for accessingrestricted content on an electronic display device without compromisingthe future security of the restricted content may be desirable.

SUMMARY

A summary of certain embodiments disclosed herein is set forth below. Itshould be understood that these aspects are presented merely to providethe reader with a brief summary of these certain embodiments and thatthese aspects are not intended to limit the scope of this disclosure.Indeed, this disclosure may encompass a variety of aspects that may notbe set forth below.

Embodiments of the present disclosure relate to systems and methods forobtaining indirect device authorization. For example, a display devicemay have a display mode and an authorized mode, wherein the display modeis accessible by default and the authorized mode is only accessibleafter the display device has been authorized by a separate authorizingdevice. The present techniques allow the display device to send anauthorization request to the authorizing device, and allow theauthorizing device to give or deny authorization to the first device bysending an authorization signal.

In some embodiments, the display device may be used in a retailenvironment as electronic signage when in the display mode, and theauthorizing device may be a device used by an employee. In thisembodiment, the display device may need to enter the authorized mode sothat its content may be changed or so that the employee may access otherfunctions on the display device. Thus, the display device may enter theauthorized mode so long as the employee configures the second devicegives authorization to the display device

Various refinements of the features noted above may exist in relation tovarious aspects of the present disclosure. Further features may also beincorporated in these various aspects as well. These refinements andadditional features may exist individually or in any combination. Forinstance, various features discussed below in relation to one or more ofthe illustrated embodiments may be incorporated into any of theabove-described aspects of the present disclosure alone or in anycombination. Again, the brief summary presented above is intended onlyto familiarize the reader with certain aspects and contexts ofembodiments of the present disclosure without limitation to the claimedsubject matter.

BRIEF DESCRIPTION OF THE DRAWINGS

Various aspects of this disclosure may be better understood upon readingthe following detailed description and upon reference to the drawings inwhich:

FIG. 1 is a block diagram of an electronic device, in accordance withaspects of the present disclosure;

FIG. 2 is a perspective view of a handheld electronic device inaccordance with aspects of the present disclosure;

FIG. 3 is a perspective view of a computer for use in accordance withaspects of the present disclosure;

FIG. 4 is a perspective view of a tablet computer for use in accordancewith aspects of the present disclosure;

FIG. 5 is a view of an indirect authorization system in accordance withaspects of the present disclosure;

FIG. 6 is a flowchart depicting a process of indirect authorization inaccordance with aspects of the present disclosure;

FIG. 7 is a representative view of a first device being entered into aready mode, in accordance with aspects of the present disclosure;

FIG. 8 is an illustration of a progression of screens on a second devicein an indirect authorization process, in accordance with aspects of thepresent disclosure;

FIG. 9 is an illustration of a progression of screens on a second devicein another indirect authorization process, in accordance with thepresent disclosure;

FIG. 10 is a screen of a second device having an authorization requestqueue, in accordance with the present disclosure;

FIG. 11 is a representation of an indirect authorization system using acamera on an authorizing device, in accordance with the presentdisclosure; and

FIG. 12 is a representation of another indirect authorization systemusing a camera on an authorizing device, in accordance with the presentdisclosure.

DETAILED DESCRIPTION OF SPECIFIC EMBODIMENTS

One or more specific embodiments will be described below. In an effortto provide a concise description of these embodiments, not all featuresof an actual implementation are described in the specification. Itshould be appreciated that in the development of any such actualimplementation, as in any engineering or design project, numerousimplementation-specific decisions must be made to achieve thedevelopers' specific goals, such as compliance with system-related andbusiness-related constraints, which may vary from one implementation toanother. Moreover, it should be appreciated that such a developmenteffort might be complex and time consuming, but would nevertheless be aroutine undertaking of design, fabrication, and manufacture for those ofordinary skill having the benefit of this disclosure.

The present techniques involve wirelessly providing authorization to afirst device, also referred to as a display device, by a second device,also referred to as an authorizing device. Specifically, the displaydevice may have unrestricted content that is accessible to any user ofthe device, as well as restricted content that is generally notaccessible to a user without receiving authorization from the seconddevice. The display device may operate in a display mode when only theunrestricted content is accessible and in an authorized mode whenauthorization is received and a portion or all of the restricted contentbecomes accessible.

One application of such techniques is in a retail environment whereelectronic display devices may be accessible to customers in displaymode. Generally, such display devices may be configured to have certainunrestricted content and functions accessible to customers. For example,such unrestricted content may be related to content for advertisingand/or demonstrating the product. However display devices may alsooperate in an authorized mode, where the display device 62 may accesscertain or any restricted content that may not be accessible in displaymode.

For example, in a retail setting, an employee may intent to demonstratea certain feature on the display device or access certain informationthat is generally restricted on the display device. Authorization may berequired to operate the display device in an authorized mode, such thatthe employee may access the features or content from the display devicewhich may generally be restricted in display mode. As providingauthorization on the display device may be inconvenient or inefficient,the employee may use a second device, also referred to as an authorizingdevice, to grant authorization to operate the display device in anauthorized mode.

With these foregoing features in mind, a general description of suitableelectronic devices for implementing aspects of the present techniques isprovided. In FIG. 1, a block diagram depicting various components thatmay be present in electronic devices suitable for use with the presenttechniques is provided. In FIG. 2, one example of a suitable electronicdevice, here provided as a handheld electronic device, is depicted. InFIG. 3, another example of a suitable electronic device, here providedas a computer system, is depicted. These types of electronic devices,and other electronic devices providing suitable storage and/orprocessing capabilities, may be used in conjunction with the presenttechniques. For example, these and similar types of electronic devicesmay have wireless communication capabilities and may implementnon-alphanumeric, non-biometric authentication schemes to accessrestricted content or functions in accordance with the teachings of thepresent disclosure.

An example of a suitable electronic device may include various internaland/or external components which contribute to the function of thedevice. FIG. 1 is a block diagram illustrating the components that maybe present in such an electronic device 8 and which may allow the device8 to function in accordance with the techniques discussed herein. Aswill be appreciated, the various functional blocks shown in FIG. 1 mayinclude hardware elements (including application specific or genericcircuitry), software elements (including computer code stored on amachine-readable medium) or a combination of both hardware and softwareelements. It should further be noted that FIG. 1 is merely one exampleof a particular implementation and is merely intended to illustrate thetypes of components that may be present in a device 8. For example, inthe presently illustrated embodiment, these components may include adisplay 10, I/O ports 12, input structures 14, data processingcircuitry, such as one or more processors 16, a memory device 18, anon-volatile storage 20, expansion card(s) 22, a networking device 24,and a power source 26.

With regard to each of these components, the display 10 may be used todisplay various images generated by the device 8. The display 10 may beany type of display such as a cathode ray tube (CRT), a liquid crystaldisplay (LCD), a light emitting diode (LED) display, an organic lightemitting diode (OLED) display, or other suitable display. In certainembodiments of the electronic device 8, the display 10 may include atouch-sensitive element, such as a touch screen.

The I/O ports 12 may include ports configured to connect to a variety ofexternal devices, such as a power source or other electronic devices(such as handheld devices and/or computers, printers, projectors,external displays, modems, docking stations, and so forth). The I/Oports 12 may support any standard or proprietary interface type, such asa universal serial bus (USB) port, a video port, a serial connectionport, an IEEE-1394 port, an Ethernet or modem port, and/or an AC/DCpower connection port.

The input structures 14 may include the various devices, circuitry, andpathways by which input or feedback is provided to data processingcircuitry, such as the processor 16. Such input structures 14 may beconfigured to control a function of the device 8 when actuated. Forexample, the input structures 14 may include buttons, sliders, switches,control pads, keys, knobs, scroll wheels, keyboards, mice, touchpads,and so forth. In certain embodiments, the input structures 14 may alsoinclude such components as global positioning system (GPS) circuitryand/or accelerometers that convey information about the location and/ororientation of the device 8 to the processors 16.

In certain embodiments, an input structure 14 and display 10 may beprovided together, such an in the case of a touch screen where a touchsensitive mechanism is provided in conjunction with the display 10. Insuch embodiments, the user may select or interact with displayedinterface elements via the touch sensitive mechanism. In this way, thedisplayed user interface may provide interactive functionality, allowinga user to select, by touch screen or other input structure, from amongoptions displayed on the display 10.

User interaction with the input structures 14, such as to interact witha user or application interface displayed on the display 10, maygenerate electrical signals indicative of the user input. These inputsignals may be routed via suitable pathways, such as an input hub orbus, to data processing circuitry, such as the processor(s) 16, forfurther processing.

The processor(s) 16 may provide data processing capability to executethe operating system, programs, user and application interfaces, and anyother functions of the electronic device 8. The processor(s) 16 mayinclude one or more microprocessors, such as one or more“general-purpose” microprocessors, one or more special-purposemicroprocessors and/or ASICS, or some combination of such processingcomponents. For example, the processor 16 may include one or morereduced instruction set (RISC) processors, as well as graphicsprocessors, video processors, audio processors and/or related chip sets.

The instructions or data to be processed by the processor(s) 16 may bestored in a memory 18. The memory 18 may be provided as a volatilememory, such as random access memory (RAM), and/or as a non-volatilememory, such as read-only memory (ROM). The memory 18 may store avariety of information and may be used for various purposes. Forexample, the memory 18 may store firmware executed by a processor 16(such as basic input/output instructions or operating systeminstructions, including instructions implementing non-alphanumericauthentication (e.g., authentication not based on keys or charactersfound on a keyboard) as discussed herein), other programs that enablevarious functions of the electronic device 8, user interface functions,processor functions. In addition, the memory 18 may be used forbuffering or caching during operation of the electronic device 8.

The components may further include a non-volatile storage 20 forpersistent storage of data and/or instructions. The non-volatile storage20 may include flash memory, a hard drive, or any other optical,magnetic, and/or solid-state storage media. The non-volatile storage 20may be used to store data files such as personal or business information(e.g., financial and other account information), software, wirelessconnection information (e.g., information that may enable the electronicdevice 8 to establish a wireless connection, such as a telephone orwireless network connection), and any other suitable data. In addition,the non-volatile storage 20 may also store code and/or data forimplementing various functions of the electronic device 8, such asapplication or program code, data associated with such applications orprograms, operating system code, user configured preferences, as well ascode for implementing secure user authentication as discussed herein.

The embodiment illustrated in FIG. 1 may also include one or more cardor expansion slots. The card slots may be configured to receive anexpansion card 22 that may be used to add functionality, such asadditional memory, I/O functionality, or networking capability, to theelectronic device 8. Such an expansion card 22 may connect to the devicethrough any type of suitable standard or proprietary connector, and maybe accessed internally or external to the housing of the electronicdevice 8. For example, in one embodiment, the expansion card 22 may beflash memory card, such as a SecureDigital (SD) card, mini- or microSD,CompactFlash card, Multimedia card (MMC), or the like.

The components depicted in FIG. 1 also include a network device 24, suchas a network controller or a network interface card (NIC). In oneembodiment, the network device 24 may be a wireless NIC providingwireless connectivity over any 802.11 standard or any other suitablewireless networking standard. The network device 24 may allow theelectronic device 8 to communicate over a network, such as a Local AreaNetwork (LAN), Wide Area Network (WAN), cellular network, or theInternet. Further, the electronic device 8 may connect to and send orreceive data with any device on the network, such as portable electronicdevices, personal computers, printers, and so forth. Alternatively, insome embodiments, the electronic device 8 may not include a networkdevice 24. In such an embodiment, a NIC may be added as an expansioncard 22 to provide similar networking capability as described above.

Further, the components may also include a power source 26. In oneembodiment, the power source 26 may be one or more batteries, such as alithium-ion polymer battery. The battery may be user-removable or may besecured within the housing of the electronic device 8, and may berechargeable. Additionally, the power source 26 may include AC power,such as provided by an electrical outlet, and the electronic device 8may be connected to the power source 26 via a power adapter. This poweradapter may also be used to recharge one or more batteries if present.

With the foregoing in mind, FIG. 2 illustrates an electronic device 8 inthe form of a handheld device 30, here a cellular telephone, which maybe used as a display device and/or an authorizing device. It should benoted that while the depicted handheld device 30 is provided in thecontext of a cellular telephone, other types of handheld devices (suchas media players for playing music and/or video, personal dataorganizers, handheld game platforms, and/or combinations of suchdevices) may also be suitable be provided as the electronic device 8.Further, a suitable handheld device 30 may incorporate the functionalityof one or more types of devices, such as a media player, a cellularphone, a gaming platform, a personal data organizer, and so forth.

For example, in the depicted embodiment, the handheld device 30 is inthe form of a cellular telephone that may provide various additionalfunctionalities (such as the ability to take pictures, record audioand/or video, listen to music, play games, and so forth). As discussedwith respect to the generalized electronic device of FIG. 1, thehandheld device 30 may allow a user to connect to and communicatethrough the Internet or through other networks, such as local or widearea networks or cellular networks. For example, the handheld device 30may allow a user to communicate using e-mail, text messaging, instantmessaging, or other forms of electronic communication. The handheldelectronic device 30, may also communicate with other devices usingshort-range connections, such as Bluetooth and near field communication.By way of example, the handheld device 30 may be a model of an iPod® oriPhone®, or a derivative thereof, available from Apple Inc. ofCupertino, Calif.

In the depicted embodiment, a housing 32 includes input structures 14through which a user may interface with the device. Each input structure14 may be configured to help control a device function when actuated.For example, in a cellular telephone implementation, one or more of theinput structures 14 may be configured to invoke a “home” screen or menuto be displayed, to toggle between a sleep and a wake mode, to silence aringer for a cell phone application, to increase or decrease a volumeoutput, and so forth.

A display 10 of the handheld device 30 may be used to display agraphical user interface (GUI) 34 that allows a user to interact withthe handheld device 30. The GUI 34 may include various layers, windows,screens, templates, or other graphical elements that may be displayed inall, or a portion, of the display 10. Generally, the GUI 34 may includegraphical elements that represent applications and functions of theelectronic device. The graphical elements may include icons 36 and otherimages representing buttons, sliders, menu bars, and the like. The icons36 may correspond to various applications of the electronic device thatmay open upon selection of a respective icon 36. Furthermore, selectionof an icon 36 may lead to a hierarchical navigation process, such thatselection of an icon 36 leads to a screen that includes one or moreadditional icons or other GUI elements. The icons 36 may be selected viaa touch screen provided as the display 10 in certain embodiments, or maybe selected by a user input structure 14, such as a wheel or button.

In addition to handheld devices 30, such as the depicted cellulartelephone of FIG. 2, an electronic device 8 may also take the form of acomputer or other types of electronic device on which confidentialinformation might be stored and on which software code governing secureaccess to such information might be executed. Such computers may includecomputers that are generally portable (such as laptop, notebook, andtablet computers) as well as computers that are generally used in oneplace (such as conventional desktop computers, workstations and/orservers). In certain embodiments, the electronic device 8 in the form ofcomputer may be a model of a MacBook®, MacBook® Pro, MacBook Air®,iMac®, Mac® mini, or Mac Pro® available from Apple Inc.

By way of example, an electronic device 8 in the form of a laptopcomputer 50 is illustrated in FIG. 3 in accordance with one embodiment.The depicted computer 50 includes a housing 52, a display 10, inputstructures 14, and input/output ports 12. The input structures 14 (suchas a keyboard and/or a touchpad) may be used to interact with thecomputer 50, such as to start, control, or operate a GUI or applicationsrunning on the computer 50. For example, a keyboard and/or touchpad mayallow a user to navigate a user interface or application interfacedisplayed on the display 10. In addition, the input and output ports 12may allow connection of additional devices. For example, the computer 50may include an I/O port 12, such as a USB port or other port, suitablefor connecting to another electronic device, such as a handheldelectronic device 30.

In addition, as discussed with respect to the handheld device 30, thecomputer 50 may include data processing circuitry (such as one or moreprocessors), network connectivity, memory, and storage capabilities thatallow the computer 50 to store and execute a GUI and other applicationssuitable for implementing the present techniques. For example, thecomputer 50 may be capable of storing and executing programming codeencoding routines suitable for accessing confidential information orsecured applications or network connections using non-alphanumeric andnon-biometric inputs (e.g., gestures, sequences, and so forth). Further,to the extent that a computer 50 has network connectivity, suchconnectivity may be utilized to update or modify an existing applicationon the computer 50 to provide such functionality.

In addition to the handheld device 30 of FIG. 2 and the computer 50 ofFIG. 3, the electronic device 10 may take other forms, such as aportable multi-function tablet computing device 58, as depicted in FIG.4. In certain embodiments, the tablet computing device 58 may providethe functionality of more than one type of electronic device, such as adevice incorporating the functionality of two or more of a media player,a web browser, a cellular phone, a gaming platform, a personal dataorganizer, and so forth. For example, in the depicted embodiment, thetablet computing device 58 may provide various additionalfunctionalities, such as the ability to display information, takepictures and record audio and/or video listen to music, play games, andso forth. By way of example only, the tablet computing device 58 may bea model of an iPad tablet computer, available from Apple Inc.

With the foregoing discussion in mind, it may be appreciated thatelectronic device 8 may be suitable for the indirect authorizationtechniques presented in this disclosure. FIG. 5 shows an indirectauthorization system 60. While FIG. 5 illustrates a tablet computer as afirst display device 62 and a cellular telephone as a second authorizingdevice 64, it should be noted that the display device 62 and theauthorizing device 64 can each be one of any suitable display devices.The indirect authorization system 60 also includes a wireless network 66through which the display device 62 and the authorizing device 64communicate. In some embodiments, an authorization server 63 and anapplication server 65 may also be suitable for wireless communicationwith each other and with the display device 62 and the authorizingdevice 64 via the wireless network 66.

While the display device 62 of the indirect authorization system 60generally has many functions, including, but not limited to, anycombination of functions of electronic device 8 mentioned above, thedisplay device 62 may be configured so that only a subset of itsfunctions or content is accessible at a given time. For example, thedisplay device 62 may be configured to run in a display mode, whereunrestricted content is available, but restricted content is accessibleonly after authorization is received. In one or more embodiments, thedisplay device 62 may be configured to operate in display mode todisplay only limited screens of certain images or text, and whenoperating in display mode, the display device 62 may be configured torespond to only certain user inputs. For example, in a retail setting, adisplay device 62 may be configured to display information about acertain product, such as name, price, images, and other productspecifications. In some embodiments, a display device 62 in display modemay be limited to playing a particular video or presentation.

In some embodiments, the display device 62 may also be configured tooperate in an authorized mode. As discussed, the display device 62 mayinclude restricted content or functions in addition to the unrestrictedcontent which generally can only be accessed while the display device 62is in authorized mode. In some embodiments, restricted content mayinclude a range of capabilities including, for example, internetbrowsing, text messaging, connecting to a secure network. The restrictedcontent may also include confidential information or secure functionssuch as looking up inventory, performing a transaction, and so forth.When the display device 62 is granted authorization to operate inauthorized mode, the display device 62 may access certain restrictedfunctions or content. In some embodiments, authorized mode may authorizethe display device 62 to access any available functions or content.Furthermore, in some embodiments, the display device 62 may not includeadditional interface elements for accessing the restricted content.

In some embodiments, an authorizing device 64 may be configured to grantauthorization by receiving an authorization request signal from thefirst device 62 and prompting a user of the authorizing device 64 forauthentication to grant authorization to the display device 62 such thatthe display device 62 may operate in an authorized mode.

The wireless network 66 may be a personal area network (PAN) such as aBluetooth™ network, a local area network (LAN) such as an 802.11 Wi-Finetwork, a wide area network (WAN) such as a 3G or 4G cellular network,and other suitable wireless networks. The authentication server 63 inthe wireless network 66 may include account data and/or identity dataassociated with accounts associated with the indirect authorizationsystem 60. For example, account information for each employee of thesystem 60 may be stored in the authentication server 63. In someembodiments, the authentication server 63 may include processing orcontrol elements suitable for verifying a user's account or verifying auser's authentication input, referred to as authenticating a user. Forexample, the authentication server 63 may compare a user authenticationinput (e.g., an identifying password, gesture, account name, etc.) withaccount data stored in an account database in the authentication server63.

In some embodiments, the indirect authorization system 60 may alsoinclude an application server 65 connected in the wireless network 66.The application server 65 may be configured to proxy between one or moredevices of the system 60, such as between one or more display devices 62and one or more authorizing devices 64. The application server 65 may besuitable for transmitting various signals (e.g., authorization requestsignal, authentication input, and/or authorizing signal, etc.) betweendifferent devices of the system 60. In some embodiments, the applicationserver 65 may also verify an authority level of an authenticated userfor performing a function, accessing content, authorizing access tocontent or functions, and/or monitoring access to content. In someembodiments, processing components or data associated withauthentication and authorization may be stored in the authorizing device64.

FIG. 6 is a flowchart of an indirect authorization process 68, and FIGS.7-9 illustrate screens on the display device or the authorizing deviceduring the indirect authorization process 68. As such, FIGS. 6-9 will bediscussed concurrently. In some embodiments, the indirect authorizationprocess 68 may begin (block 70) with the display device 62 operating indisplay mode. The process 68 may then involve entering (block 72) thedisplay device 62 in ready mode. Ready mode may refer to an operationalstate of the display device 62 where the display device 62 indicates toan authorizing device 64 that the display device 62 is requestingauthorization to operate in authorized mode and/or ready to receiveauthorization to operate in authorized mode. In some embodiments, adisplay device 62 operating in ready mode may have similar functions asa device 62 operating in display mode. Entering (block 72) the displaydevice 62 in ready mode may generally be performed by a user havingknowledge of how to enter the display device 62 in ready mode. Forexample, while an unauthorized user (e.g., a customers) may not haveknowledge of what inputs or actions may change the display device 62from display mode to ready mode, an authorized user (e.g., an employee)may enter the display device 62 to ready mode in a process ofauthorizing the display device 62 for access to restricted content.

FIG. 7 is an illustration of one embodiment of entering (block 72) adisplay device 62 in ready mode. As illustrated in FIG. 7, the displaydevice 62 may be configured to display unrestricted content (e.g.,produce specifications) while in a display mode. The display device 62may be entered (block 72) into ready mode in response to receiving agesture-based user input on the display. In the illustrated embodiment,the display device 62 is a touch-screen enabled device, and may beconfigured to detect a user's contact with the touch-screen display 10.The display device 62 may have a ready-mode gesture 100 stored inmemory. The ready-mode gesture 100 may be a pattern or path of a user'scontact (e.g., via a user's finger) over the surface of the display 10on the display device 62. When the display device 62 detects that theappropriate ready-mode gesture 100 has been input in the display 10, thedisplay device 62 may enter ready mode. For example, in someembodiments, the ready-mode gesture 100 may be known by users authorizedto enter the display device 62 in ready mode and/or authorized tooperate the display device 62 in authorized mode. Furthermore, someembodiments may include different means of entering (block 72) thedisplay device 62 in ready mode, such as activating other user interfaceelements (e.g., an icon, a button, a switch, etc.), holding the displaydevice 62 a certain way, or inputting a code. In some embodiments, thedisplay device 62 may transmit (block 74) an authorization request 76once the display device 62 is in ready mode.

The authorization request 76 may be received (block 78) by a seconddevice, referred to as the authorizing device 64, over a wirelessnetwork 66. In response to receiving (block 78) the authorizationrequest 76, the authorizing device 64 may prompt (block 80) a user forauthentication. FIG. 8 is an illustration of a progression 102 ofscreens of the authorizing device 64 depicting a user interface of theauthorizing device 64 in response to receiving (block 78) anauthorization request 76 in the indirect authorization process 68. Inresponse to receiving (block 78) an authorization request 76, theauthorizing device 64 may be configured to display an authorizationrequest notification 104. In the present embodiment, the authorizationrequest notification 104 may appear on the display 10 on top of thecurrent content of the display when the authorization request isreceived and may indicate to a user of the authorizing device 64 that adisplay device 62 has requested authorization to operate in authorizedmode. In the present embodiment, the authorization request notification104 displays a message 106 viewable by the user and an identificationreference 108 of the display device 62. In some embodiments, thenotification 104 may also include an ignore button 110 and an acceptbutton 112. Activation of the ignore button 110 may dismiss theauthorization request notification 104 from the display 10, andactivating the accept button 112 may continue the indirect authorizationprocess 68 on the authorizing device 64, and the authorizing device 64may prompt (block 80) a user of the device 64 for authentication. Asused herein, “activating” a button may be done by a number of actions,such as pressing, pushing, selecting, touching, and so forth, dependingon the interface type.

The authorizing device 64 may prompt (block 80) a user forauthentication by displaying a user interface for receiving user inputsrepresenting a user account. For example, in some embodiments, theauthorizing device 64 may display an arrangement of gesture nodes 114having multiple gesture nodes 116, and the user may input anauthentication input 82 by contacting (e.g., touching, swiping, tracing,etc.) the arrangement of gesture nodes 114 in a path or pattern,referred to as a gesture input. In some embodiments, the authorizingdevice 64 may display account and/or password data fields, and a usermay input an authentication input 82 by entering information such as anaccount name and/or password, referred to as a password input. In someembodiments, the gesture input and the password input are embodiments ofthe authentication input 82, which generally corresponds to a useraccount in the system 60 (FIG. 5).

In some embodiments, the authentication input 82 (e.g., a gesture input,password input, etc.) may be transmitted (block 84) by the authorizingdevice 64 to an authentication server 63 (FIG. 5) connected to thewireless network 66. In some embodiments, the authentication server 63may include control or processing elements suitable for comparing theauthentication input 82 with a database or collection of user accounts.Based on the authentication input 82, the authentication server 63 mayauthenticate (block 86) the user of the authorized device 64. Morespecifically, the authentication server 63 may determine whether theauthentication input 82 is associated with an account in the system 60.In some embodiments, the authentication server 63 may communicate withan application server 65 which may verify (block 88) the authority of anauthenticated user to determine whether the user entering theauthentication input 82 has the authority to grant authorization for thedisplay device 62 to operate in authorized mode. It should be noted thatin some embodiments, authentication and/or authorization may occur onthe authorizing device 64.

In some embodiments, once a user of the authorizing device 64 has beenauthenticated (block 86) and once the user's authority has been verified(block 88), an authorization signal 92 may be transmitted (block 90) tothe display device 62. In some embodiments, the authorization signal 92may be transmitted by either the application server 65, theauthentication server 63, or the authorizing device 64. The authorizingdevice 64 may also display an indication 118 that the display device 62is authorized to operate in authorized mode. The indication 118 may alsoinclude a close button 120 for dismissing the indication 118 andreturning the authorizing device 64 to its original state previous toentering the indirect authorization process 68.

Once the display device 62 receives (block 94) the authorization signal92. The display device 62 may process the signal and begin operating(block 96) in an authorized mode. In authorized mode, the display device62 may generally access to additional content and functions previouslyrestricted when the display device 62 operated in a display mode orready mode. In some embodiments, operation in authorized mode involvesauthorization to access only certain functions or content in the displaydevice 62. For example, an authorizing device 64 may select categoriesof functions or content which may be authorized for access on thedisplay device 62 during its operation in authorized mode.Alternatively, the display device 62 may indicate the particularfunctions or content for which access is requested in the authorizationrequest 76. In some embodiments, the authorization signal 92 may grantauthorization for a limited period of time (e.g., 5 minutes, 10 minutes,etc.) or for a limited amount of data (e.g., 50 MB), and in someembodiments, the authorized mode may involve a removal or restrictionsand full access to any content or functions of the display device 62.

FIG. 9 is an illustration of another progression 122 of screens whichmay be displayed by the authorizing device 64 in an indirectauthorization process 68 As illustrated in FIG. 9, one embodimentincludes displaying a map view 124 of a group of display devices 62represented as nodes 126. The map view 124 may show the display devices62 based on their location relative to each other as well as theauthorizing device 64. The map view 124 may be configured to showdetails regarding the display devices 62 such as type of device, usage,and so forth. The may view 124 may also indicate if one or more of thedisplay devices 62 has been put in ready mode and requiresauthorization. In the embodiment illustrated in FIG. 9, the map view 124may display an indication 128 that a particular display device 62 (e.g.,device 5 in the illustration) has transmitted an authorization requestsignal. Such an indication 128 may include, for example a flashing node,a different color node, or other form of differentiation. To proceedwith indirect authorization a display device 62, a user may select adisplay device 62. For example, in some embodiments, the indicateddevice may be selected. Selecting a display device 62 may result in theauthentication and authorization process previously discussed withrespect to FIGS. 5 and 8.

In one or more embodiments, an authorizing device 64 may be configuredto receive authorization requests 76 from more than one display device62. In such embodiments, the authorizing device 64 may be configured todisplay an authorization request queue screen 130, as shown in FIG. 10.The authorization request queue screen 130 may include a total 132 ofpending authorization requests 134 and list each pending authorizationrequests 134. In the present embodiment, each pending authorizationrequest 134 includes an identification number 108 of the requestingdevice, a requested content 136, and a time of request 138. Theauthorizing device 64 is configured to allow the user to select anypending authorization request 134 for authorizing.

While in some embodiments, the indirect authorization techniquesinvolves transmitting a wireless request signal from a display device 62to an authorizing device 64, in other embodiments, the authorizingdevice 64 may not necessarily receive a request signal before proceedingto authorize a display device 62. For example, FIG. 11 illustrates anembodiment of indirect authorization techniques where a display device62 may not necessarily transmit an authorization request to anauthorizing device 64. As illustrated in FIG. 11, a display device 62may include a visual identifier or code, such as a barcode 138, disposedon the exterior of the device 62 or on any portion of the device 62 thatis visibly accessible. For example, the barcode 138 may be disposed onthe back of the device 62. If a user of an authorizing device 64 wishesto operate the display device 62 in authorized mode, the authorizinguser may scan the barcode 138 of the display device 62 to authorize thedisplay device 62 associated with the particular scanned barcode 138. Insome embodiments, the authorizing device 64 may include an opticalsensor 140, such as a camera, and may be configured to capture an imageof the barcode 138. The authorizing device 64 may then match the imageof the barcode 138 with a database of barcodes to identify the displaydevice 62 on which the barcode 138 is disposed. If the barcode 138 isrecognized, the authorizing device 64 may transmit an authorizationsignal to the display device 62 on which the barcode 138 is disposed.

In some embodiments, the database of barcodes may be stored on asuitable server (e.g., authentication server 63 or application server 65in the system 60) or in the authorizing device 64. Furthermore, in someembodiments, upon identification of a barcode 138, the authorizingdevice 64 may request authentication and/or authorization of a user ofthe authorizing device 64 (as discussed with respect to FIGS. 5 and 8)before proceeding to authorize the display device 62.

Furthermore, in some embodiments, the display device 62 may display oremit or transmit an indication that the particular display device 62 isin ready mode. For example, the ready-mode indication may include anaudio signal detectable by the authorizing device 64 and/or a visualsignal displayed by the display device 62 and detectable by theauthorizing device 64. For instance, as illustrated in FIG. 12, inresponse to being entered in ready mode, the display device 62 maydisplay a sequence of flashing nodes 142 on its display 10. The sequenceof flashing nodes 142 may represent a code identifying the displaydevice 62 and/or indicating that the particular display device 62 isoperating in ready mode. In this embodiment, the authorizing device 64may scan or capture the sequence of flashing nodes 142 with its opticalsensor 140. The authorizing device 64 may recognize the code representedby the sequence of flashing nodes and match it with the identity of thedisplay device 62 to proceed with authorizing the display device 62. Insome embodiments, the indirect authorization process may continue withauthenticating and/or authorizing a user of the authorizing device 64 toauthorize the display device 62.

While in some embodiments, the indirect authorization techniques may beinitiated by the display device 62 entering a ready mode and/ortransmitting a wireless request signal to an authorizing device, in someembodiments, indirect authorization may be initiated by the authorizingdevice 64. For example, a user of the authorizing device 64 may select(e.g., from a list or a map 128 of display devices 62) a display device62 to authorize. When a particular display device 62 is selected, theindirect authorization techniques may involve authenticating and/orauthorizing a user of the authorizing device 64 to continue withauthorizing the selected display device 62.

Furthermore, in one or more embodiments, the indirect authorizationprocess may involve authorizing a display device 62 without requestingadditional authentication and/or authorization for each receivedauthorization request on an authorizing device 64. For example, anauthorizing device 64 may transmit an authorization signal to thedisplay device 62. Such embodiments may assume that a user of theauthorizing device 64 is authenticated and authorized. For example,authorizing a display device 62 without additional authentication and/orauthorization may be based on proximity (e.g., if the display device 62and the authorizing device 64 are within 2 feet apart). In someembodiments, the authorization signal transmitted by the authorizingdevice 64 may pass through a server (e.g., an application server 64) toverify the authorization of the display device 62.

The specific embodiments described above have been shown by way ofexample, and it should be understood that these embodiments may besusceptible to various modifications and alternative forms. It should befurther understood that the claims are not intended to be limited to theparticular forms disclosed, but rather to cover all modifications,equivalents, and alternatives falling within the spirit and scope ofthis disclosure.

What is claimed is:
 1. A system, comprising: a display device configuredto operate in a display mode, wirelessly receive an authorizationsignal, and operate in an authorized mode in response to receiving theauthorization signal; an authorizing device configured to receive anauthentication input to authorize the display device; and processingcircuitry external to the display device, wherein the processingcircuitry is configured to wirelessly transmit an authorization signalto the display device if the authentication input is authenticated andif the display device is authorized.
 2. The system of claim 1, whereinat least one of the display device and the authorizing device is a touchscreen device.
 3. The system of claim 1, wherein the display device isconfigured to operate in a ready mode before operating in the authorizedmode, wherein the display device is configured to receive and processthe authorization signal while operating in the ready mode.
 4. Thesystem of claim 3, wherein the display device is configured to operatein the ready mode upon receiving a ready-mode input.
 5. The system ofclaim 4, wherein the display device is configured to transmit anauthorization request signal upon receiving the ready-mode input.
 6. Thesystem of claim 1, wherein the authorizing device is configured toreceive an authorization request signal from the display device andconfigured to prompt for the authentication input on the authorizingdevice in response to receiving the authorization request signal.
 7. Thesystem of claim 1, wherein the authorizing device is configured toproduce an indication in response to receiving the authorization requestfrom the display device, wherein the indication comprises an audioindication, a visual indication, or a combination thereof.
 8. The systemof claim 1, wherein the authorizing device is configured to receive anauthentication input for verifying an identity of a user of theauthorizing device.
 9. The system of claim 8, comprising anauthentication server configured to wirelessly communicate with theauthorizing device, wherein the authorizing device is configured totransmit the authentication input to the authentication server, andwherein the authentication server is configured to verify the identityof the user of the authorizing device based on the authentication input.10. The system of claim 9 comprising an application server comprisingthe processing circuitry is configured to wirelessly transmit theauthorization signal to the display device, wherein the applicationserver is configured to receive authentication data from theauthentication server and transmit the authorizing signal based on theauthentication data.
 11. The system of claim 10, wherein the authorizingdevice comprises the processing circuitry external to the displaydevice.
 12. The system of claim 1, wherein the display device isconfigured to transmit an authorization request signal to an authorizingdevice, and wherein the authorizing device is configured to receive theauthorization request signal from the display device and request theauthentication input from a user of the authorizing device in responseto receiving the authorization request signal.
 13. An indirectauthorization system, comprising: a display device comprising restrictedcontent and unrestricted content, wherein the display device isconfigured to operate in a display mode where only the unrestrictedcontent is accessible, transmit a request signal before entering anauthorized mode where a portion of the unrestricted content isaccessible, receive an authorization signal, and operate in theauthorized mode in response to receiving the authorization signal; anauthorizing device configured to receive the request signal from thedisplay device and receive an authentication input; a server configuredto receive the authentication input from the authorizing device,authenticate the authentication input, and transmit the authorizationsignal to the display device; and a wireless network configured tosupport communication between the display device, the authorizingdevice, and the server.
 14. The indirect authorization system of claim13, wherein the display device is configured to transmit the requestsignal to a plurality of authorizing devices.
 15. The indirectauthorization system of claim 13, wherein the authorizing device isconfigured to queue received request signals from a plurality of displaydevices.
 16. The indirect authorization system of claim 13, wherein thedisplay device is configured to select one of a plurality of authorizingdevices for transmitting the request signal.
 17. The indirectauthorization system of claim 13, wherein the request signal is one ofan optical signal and an audio signal.
 18. The indirect authorizationsystem of claim 17, wherein the authorizing device comprises a cameraconfigured to detect the optical signal.
 19. A method, comprising:operating a display device in display mode such that unrestrictedcontent is accessible on the display device while restricted content isnot accessible on the display device; receiving an authentication inputat an authorizing device; wirelessly transmitting an authorizationsignal to the display device from a device external to the displaydevice if the authentication input is authenticated; and operating thedisplay device in an authorized mode after the display device receivesthe authorization signal, wherein operating the display device in theauthorized mode comprises accessing some or all of the restrictedcontent.
 20. The method of claim 19, comprising operating the displaydevice in a ready mode in response to receiving a ready-mode input onthe display device.
 21. The method of claim 20, comprising transmittingan authorization request from display device to the authorizing devicewhen the display device is operating in the ready mode.
 22. The methodof claim 19, comprising authenticating the authentication input bycomparing the authentication input to an account database in anauthentication server.